add security apache.conf

Signed-off-by: Joerg Jaspert <joerg@debian.org>

diff --git a/config/debian-security/apache.conf b/config/debian-security/apache.conf
new file mode 100644 (file)
index 0000000..b2ae925
--- /dev/null
+++ b/config/debian-security/apache.conf
@@ -0,0 +1,135 @@
+# pretend this is in a vhost
+    ServerAdmin team@security.debian.org
+    DocumentRoot /srv/security-master.debian.org/htdocs-security-master
+    ServerName security-master.debian.org
+
+    ErrorLog /var/log/apache2/security-master.debian.org-error.log
+    LogLevel warn
+    CustomLog /var/log/apache2/security-master.debian.org-access.log combined
+
+
+    Alias /debian-security /org/security.debian.org/archive/debian-security/
+    Alias /buildd/ /org/security-master.debian.org/buildd/
+
+    #RewriteEngine on
+    #RewriteRule ^/$    http://www.debian.org/security/
+
+        # New suite aliases
+        Alias /buildd-lenny /srv/security-master.debian.org/buildd/lenny/
+        Alias /buildd-squeeze /srv/security-master.debian.org/buildd/squeeze/
+
+    # BuildD access list
+    <LocationMatch "^/(buildd|buildd-lenny|buildd-squeeze|debian-security)/">
+        order deny,allow
+        deny from all
+
+        # i386
+        # brahms
+        allow from 206.12.19.115
+        allow from 2607:f8f0:610:4000:216:36ff:fe40:3802
+        # murphy
+        allow from 70.103.162.31
+        # biber
+        allow from 194.177.211.204
+        allow from 2001:648:2ffc:deb:214:22ff:feb2:1268
+
+        # amd64
+        # barber
+        allow from 194.177.211.203
+        allow from 2001:648:2ffc:deb:214:22ff:feb2:2370
+
+        # armel
+        # ancina
+        allow from 157.193.39.13
+        # arnold
+        allow from 217.140.96.57
+        # alain
+        allow from 217.140.96.58
+        # alwyn
+        allow from 217.140.96.59
+        # antheil
+        allow from 217.140.96.60
+
+        # alpha
+        # goetz
+        allow from 193.62.202.26
+
+        # samosa
+        allow from 192.25.206.57
+        # spohr
+        allow from 192.25.206.33
+
+        # mipsel
+        # rem
+        allow from 82.195.75.68
+        allow from 2001:41b8:202:deb:202:4cff:fefe:d06
+        # mayer
+        allow from 140.211.166.78
+        allow from 2001:6f8:1173:2:202:4cff:fefe:d06
+
+        # sparc
+        # lebrun
+        allow from 193.198.184.10
+        # schroeder
+        allow from 193.198.184.11
+        # spontini
+        allow from 206.12.19.14
+        allow from 2607:f8f0:610:4000:a00:20ff:fea0:918b
+
+        # mips
+        # corelli
+        allow from 206.12.19.16
+        allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4489
+        # lucatelli
+        allow from 206.12.19.15
+        allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4141
+        # ball
+        allow from 2001:41b8:202:deb:202:4cff:fefe:d09
+        allow from 82.195.75.70
+
+        # s390
+        allow from 80.245.147.46
+
+        # kfreebsd, i386
+        # finzi
+        allow from 206.12.19.111
+        # field
+        allow from 194.177.211.210
+
+        # kfreebsd, amd64
+        # fasch
+        allow from 194.177.211.201
+        # fano
+        allow from 206.12.19.110
+
+        # ia64
+        # alkman
+        allow from 192.25.206.63
+        # mundy
+        allow from 192.25.206.62
+
+        # powerpc
+        # praetorius
+        allow from 130.239.18.121
+        allow from 2001:6b0:e:2a18:204:acff:fede:459f
+        # poulenc
+        allow from 144.32.168.77
+        # porpora
+        allow from 144.32.168.78
+
+        # Ganneff, test
+        allow from 78.46.40.15
+        allow from 2001:4dd0:ff00:df::2
+        allow from 213.146.108.162
+        allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3
+
+        AuthName "security.debian.org"
+        AuthType Basic
+        AuthUserFile /org/security-master.debian.org/apache.htpasswd
+        require valid-user
+
+        # Either good IP address or good user/pass is sufficient
+        satisfy any
+    </LocationMatch>
+
+# end